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REMARKS 



Amendments to the specification have been made and are submitted herewith in the 
attached Substitute Specification. A clean copy of the specification and a marked-up version 
showing the changes made are attached herewith. The claims and abstract have been amended in 
the attached Preliminary Amendment. All amendments have been made to place the application 
in proper U.S. format and to conform with proper grammatical and idiomatic English. None of 
the amendments herein are made for reasons related to patentability. No new matter has been 
added . 

In the unlikely event that the transmittal letter is separated from this document and the 
Patent Office determines that an extension and/or other relief is required, applicant petitions for 
any required relief including extensions of time and authorizes the Commissioner to charge the 
cost of such petitions and/or other fees due in connection with the filing of this document to 
Deposit Account No. 03-1952 referencing docket no. 449122079200 . However, the 
Commissioner is not authorized to charge the cost of the issue fee to the Deposit Account. 
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CLAIM FOR PRIORITY 



This application is a national stage of PCT/EP2002/007303, 
published in the German language on January 15, 2004, which 
10 was filed on July 2, 2002. 



TECHNICAL FIELD OF THE INVENTION 
The invention relates to methods and devices for enabling 
data transmitted over a public land mobile network to be 
15 monitored. 



BACKGROUND OF THE INVENTION 
In the mobile radio interception device according to 
US2002/078384 Al, each lawful interception gateway (LIG) 
20 knows the address of each LEA in order to transmit 

intercepted user data packets to the LEA via the LIG 
interface X3. 



A means of monitoring calls between mobile radio users that 
25 is known to the person skilled in the art, as illustrated in 
Figure 1, provides that the communication (conversations or 
multimedia data transmission) between two mobile radio users 
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of one or more public land mobile networks is monitored in 
that the user data transmitted between the mobile radio 
users, while on its way through (at least) one public land 
mobile network, is copied in a switching device (for example 
5 SGSN) which has stored a list containing identities of users 
subject to call-tapping (MSISDN and/or IMSI and/or IMEI) and 
the copied user data is transmitted via an interface (= 
border gateway) to monitoring devices belonging to the secret 
intelligence services, federal border police, police, etc. 

10 Since there are a number of government agencies in a number 
of local offices that can be responsible for monitoring 
mobile radio users, the copied data is transmitted by 
switching devices which copy the data to be intercepted to 
further switching devices (border gateways) at network 

15 gateways of the public land mobile network, which gateways 
each set up a secure connection, such as, for example, an 
IPsec tunnel over the Internet etc., to one of the listening 
stations LEA (of the police or the federal border police, 
etc.), via which secure connection the data is transmitted in 

20 encrypted form to the listening station responsible. As the 
exchanges carrying out the transmission to the listening 
stations LEA at borders of a public land mobile network are 
to be provided at least once per public land mobile network 
and the transmission is performed separately to each 

25 listening station LEA, a key management means is required in 
each of these interface switching devices (border gateways) 
for each of the listening stations. 
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Figure 1 is a block diagram showing a mobile radio terminal 
device 1 (a mobile station / a communicator etc.) which 
communicates with a further user (14) via an air interface 
5 transmission device (RNC or BS) 2 and via a switching device 
(VSGSN etc.) 3 of a first public land mobile network 4 and 
possibly a further public land mobile network or a fixed 
network or via an Internet access point over the Internet 
(http / wap etc.). In the example shown in Figure 1, it is 

10 made possible for the competent government agencies in each 
case (police/federal border police/secret intelligence 
service etc.), each having a listening station LEA 6, 7, 8, 
9, to monitor calls of users 1 over a public land mobile 
network 4 in such a way that data representing the call (or 

15 the multimedia transmission over the Internet, etc.) is 

identified (during registration or by monitoring of the data 
stream) on its way through the public land mobile network 4 
by a switching device (SGSN or VSGSN or HSGSN or other 
exchange V) 3 (insofar as said data originates from devices 

20 or persons (1) to be monitored according to a list held in 
the exchange 3) and a copy of the data is transmitted to an 
interface switching device (border gateway) 11 which in turn 
transmits the copied data in a secure tunnel, for example an 
IPsec tunnel, to the competent government agency f s listening 

25 station (bugging devices with computers or recording devices 
or telephone etc.) responsible for monitoring said user (1) 
or his terminal device. For this purpose, there is provided 
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in each public land mobile network at least one interface 
switching device (border gateway) 11, 12 which sets up a 
separate connection in each case to each of the listening 
stations 6 to 9. 

5 As the transmission between the interface switching devices 
(border gateways) 11/ 12 and the listening stations 7 to 9 is 
ideally to be executed in an intercept-proof manner, it takes 
place for example in encrypted form, with keys to be used for 
the transmission having to be administered separately in each 
10 switching device 11, 12 for each listening station 6 to 9 
(key management) . 

SUMMARY OF THE INVENTION 
The object of the present invention is to enables: the 
15 monitoring of data to be intercepted which is associated with 
users of a public land mobile network in an efficient and 
reliable manner. Thio object is achioved in each case by the 
subject matter of the independent claims. 

20 The invcntivo ln one embodiment, the monitoring handling 

device (= Central Interception Handler CIH) via which data to 
be intercepted is transmitted to listening stations of the 
different government agencies responsible considerably 
simplifies key management compared with the previously 

25 practised solution of individual connections from listening 
stations LEA to interface switching devices (border 
gateways) . Nevertheless, the transmission of the intercepted 
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data to the listening devices is still very secure and is 
also possible for example via the Internet, since (in an 
easy-to-administer manner according to the invention) an 
encrypted transmission can take place from the monitoring 
5 handling device CIH to the listening stations LEA. At the 
same time it is possible for only one monitoring handling 
device CIH to be used per public land mobile network or by a 
number of public land mobile networks, for example, or 
alternatively a plurality of monitoring handling devices can 
10 be used for one public land mobile network. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Further features and advantages will emerge from the claims 
and the following description of an The invention will be 
15 described in more detail below with reference to the 

exemplary embodiments with reference to thc illustrated in the 
drawings^ in which: 

Figure 1 is a block diagram showing the monitoring of user 
20 data transmitted over a public land mobile network 

according to the prior art having individual 
connections between switching devices — (border 
gateways) — and listening stations — (LEA) — on the side 
of competent government agencies in each case, — j_ 
25 Figure 2 is a block diagram showing the monitoring of data 

transmitted over a public land mobile network 
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according to the invention having a central 
monitoring handling device CIH. 

DETAILED DESCRIPTION OF THE INVENTION 
5 According to Figure 2j_ the monitoring of data transmitted 
over a public land mobile network is supported by a 
monitoring handling device CIH 14 which considerably 
simplifies the key management for the secure (encrypted) 
transmission over a packet-switched network (for example by 
10 means of IPsec) . As already explained in relation to Figure 

I, in the example shown in Figure 2 data (voice data or other 
user data) of a mobile radio user is also transmitted over a 
public land mobile network (or some other telecommunication 
network) by means of packet switching to a further 

15 telecommunication network (public land mobile network, or 
fixed network, or Internet, or other packet-switched 
network) . On its way through the telecommunication network 4 
the data (data packets) is copied by a switching device 
(which has stored a table of users to be monitored) and the 

20 copies of the data are transmitted via a switching device 

(border gateway) to listening stations LEA. In the process, 
however, according to the invention a tunnel will be set up, 
not between the interface switching devices (border gateways 

II, 12) and the listening stations 6, 7, 8, 9, but between 
25 the interface switching device 11 (or 12) and a central 

monitoring handling device CIH 14 which performs a secure 
transmission (for example using the Internet Protocol or in 



t 

WO 200 4 /006553 PCT/EP2002/007303 

7 

some other packet-switched protocol over the Internet or 
another network) to the listening station 7 responsible for 
this user. For this purpose the monitoring device 14 has a 
table of addresses (IP addresses) of all the listening 
5 stations LEA 6, 7, 8, 9. 

In addition the monitoring handling device CIH 14 has a 
memory (or access to a memory) containing a list of keys, 
with at least one key being stored for a specific listening 

10 station LEA 6/7/8/9 in each case, by means of which key the 
intercepted data is to be transmitted to this listening 
station 6/7/8/9 in encrypted form. In the example shown, the 
data is transmitted by the monitoring handling device 14 to 
the respective competent (at least one) listening station 6, 

15 7, 8, 9 for all listening stations via the same packet- 
switched switching device (router V) 16. 

Advantageously^ according to the invention the address (IP 
address etc.) of the competent listening station LEA 6/7/8/9 
20 must be known only is known by— to the monitoring device CIH 
14_^ and not to each interface switching device (border 
gateway) 11, 12 and the key management also only hao to takes 
place in the monitoring handling device 14 (Central 
Interception Handler CIH) . 

25 

Necessary address translations are possible based on a list 
of the assignments in the CIH. 
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The transmission of the data between the interface switching 
devices (border gateways) 11, 12 of a network takes place for 
example over a secure connection/IPsec tunnel between 
switching devices (border gateways) and the monitoring 
handling device 14. The monitoring handling device CIH 14 can 
be part of the network in which one or all of the listening 
stations 6 to 9 are disposed, in other words can be located 
in this network. 
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Claimo What is claimed is: 



